
Rogue.AdvancedVirusRemover and Hijack.DisplayProperties found


  • This topic is locked
31 replies to this topic

#1 CopierGuy

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:39 PM

Posted 14 December 2009 - 10:29 PM

Found Rogue.AdvancedVirusRemover and Hijack.DisplayProperties with Malwarebytes. Computer is very slow and some admin rights are not working. I cannot install programs correctly or access web pages on my pc. I use this pc to demo software so I need to get admin rights working again and get my programs running. Thanks for helping!

DDS (Ver_09-12-01.01) - NTFSx86
Run by at 0:18:08.74 on Mon 12/14/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.855 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {624765C4-4E8B-47F1-B414-7F64B93B79D3}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ascent\bin\acsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\PrintFree\DLL\F5SSpool.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hyland\Services\PageHandlers\Hyland.Core.PageHandlers.NTService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Square9\XML Transform\SSXMLConverter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqsvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\GetSmart\ssCaptureManager.exe
C:\Program Files\Square9\Content Search\ssContentIndex.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\FabSoftFP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PDF Converter 5\pdfpro5hook.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\rxxxxxx.domain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\dllhost.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ScanSoft\PDF Converter 5\NuanceWDS.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\rxxxxxx.domain\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\scansoft\pdf converter 5\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\scansoft\pdf converter 5\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\scansoft\pdf converter 5\bin\ZeonIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - No File
uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [Advanced Virus Remover] c:\program files\advancedvirusremover\AVR.exe
uRun: [Google Update] "c:\documents and settings\rxxxxxx.domain\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [<NO NAME>]
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [FabSoft Font Packager] c:\windows\system32\FabSoftFP.exe
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent
mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [FJTWAIN Setup] c:\windows\twain_32\fjscan32\FjtwMkup.exe /Station
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe
mRun: [VMware hqtray] "c:\program files\vmware\vmware workstation\hqtray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\scansoft\pdf converter 5\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\scansoft\pdf converter 5\RegistryController.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
dRunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi"
dRunOnce: [supportdir] cmd /c "rmdir /q /s "c:\windows\temp\{DC78AACC-D3E4-4D92-95E8-42AFD802B8DB}""
dRunOnce: [rrgui] "c:\program files\ibm thinkvantage\rescue and recovery\rrgui.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
uPolicies-system: NoDispScrSavPage = 1 (0x1)
dPolicies-system: NoDispScrSavPage = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open with PDF Converter 5.2 - c:\program files\scansoft\pdf converter 5\cnvres_eng.dll /100
IE: Open with PDF Professional 5.2 - c:\program files\scansoft\pdf converter 5\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: deanfoods.com\sslweb
Trusted Zone: lcgrdms
DPF: {09ADBEAD-9044-48DC-B047-ED711C68B50C} - hxxp://127.0.0.1/SentryFile/WebScan.CAB
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {12B127F7-CC36-4A39-A334-AA39689155CE} - hxxp://127.0.0.1/SentryFile/TP3Cab.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://www.pandasecurity.com/activescan/cabs/as2stubie.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4592C0F5-3382-44C6-9F79-BEA2CCBDA2EA} - hxxp://localhost/appnet/activex/OBXWebSelect.cab
DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://dsk/DSF/Client/setup.exe
DPF: {578AB2EB-85B7-4ED9-B8E6-40099F423B76} - hxxps://delivery.kofax.com/KofaxDownloader.CAB
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229659386703
DPF: {684605CB-C285-4F1A-BBEA-812ABD9457FF} - hxxp://localhost/appnet/activex/OBXFileSvc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229659376328
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://sslweb.deanfoods.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {7B0207CE-7FF6-11D4-A13A-004005FA6275} - hxxp://127.0.0.1/SentryFile/imagxpress6.cab
DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.com/xp/ScanFilexp.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8D95D14D-4AFB-4885-8BF1-FB09FD72FCD2} - hxxps://www.eblvd.com/control/launcher/3.2/ebie.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxp://webdemo.onbase.com/Statusview/activex/OBXPopup.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39227.3322685185
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
DPF: {B54921F7-5A9C-4A5D-AFCA-DE91F8DD3A2F} - hxxp://127.0.0.1/SentryFile/previewer.CAB
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://66.242.36.104/app/view22RTE.cab
DPF: {C619FAB4-B348-4704-8BA3-A87D76BEE726} - hxxp://localhost/appnet/activex/OBXWebWorkflow.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DD8C2124-117D-40AC-AAD3-EB9984A87B13} - hxxp://localhost/appnet/activex/OBXWebViewer.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://fujitsu.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://demo3.onbase.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {EDE0B22E-A238-4996-8C57-2E5B8F31DE54} - hxxp://webdemo.onbase.com/AppNet/activex/OBXWebSelect.cab
DPF: {F5876F16-5217-4B38-96F3-C2BB80215302} - hxxp://obtest.sasinc.com:8443/appnet/activex/OBXWebViewer.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = scecli csspwntfy ACGina psqlpwd ACGina ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Hosts: 192.168.100.2 aiserver
Hosts: 192.168.100.22 lcserver

============= SERVICES / DRIVERS ===============

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2005-12-21 6912]
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2007-6-19 18208]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-6 28544]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-8-22 14848]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2007-1-11 16384]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2008-3-21 8576]
R2 ControlSpoolService;PrintFree Spooler Service;c:\program files\printfree\dll\F5SSpool.exe [2008-12-17 593920]
R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2008-7-22 45056]
R2 Grn27fsm;PrintFree Directory Watch Service;c:\program files\printfree\dll\F5SSubServices.exe [2008-12-17 98816]
R2 Grn27LPD;PrintFree LPD Service;c:\program files\printfree\dll\F5SSubServices.exe [2008-12-17 98816]
R2 Hyland.Core.PageHandlers.NTService;Hyland PageHandlers Service;c:\program files\hyland\services\pagehandlers\Hyland.Core.PageHandlers.NTService.exe [2008-11-27 20480]
R2 InAspi32;InAspi32;c:\windows\system32\drivers\InAspi32.sys [2005-11-7 8704]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\microsoft sql server\mssql.2\mssql\binn\msftesql.exe [2007-6-22 95592]
R2 MSSQL$ASCENTCAPTURE;MSSQL$ASCENTCAPTURE;c:\program files\ascent\server\mssql$ascentcapture\binn\sqlservr.exe [2005-5-3 9150464]
R2 NTPDA;NTPDA;c:\windows\system32\drivers\ntpda.sys [2009-4-16 3446]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\scansoft\pdf converter 5\PDFProFiltSrv.exe [2008-12-23 144672]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2009-9-3 61529]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 Reform12_Spooler_Service;Reform12 Spooler Service;c:\program files\reform_enterprise_v12\ReformEnt.exe [2009-5-26 6459904]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 ssCaptureManager;ssCaptureWorkflow;c:\getsmart\ssCaptureManager.exe [2009-10-2 14848]
R2 ssContentIndex;ssContentSearch;c:\program files\square9\content search\ssContentIndex.exe [2009-3-19 15360]
R2 SSXMLTransform;SSXMLTransform;c:\program files\square9\xml transform\SSXMLConverter.exe [2008-7-2 32768]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-9-1 36368]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-8-22 6528]
S2 SSImp Engine;SSImp Engine;c:\getsmart\SSIMPORTERWS.exe [2009-9-11 32768]
S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2009-9-1 225808]
S3 ASMPB;AutoStore Status Monitor Port Broker;c:\program files\nsi\autostore\ASMPB.exe [2008-2-28 102400]
S3 E-mail Archive;E-mail Archive Service;c:\onbase\EMArchiver.exe [2007-11-9 17158144]
S3 Hyland.Diagnostics.NTService;Hyland Diagnostics Service;c:\program files\hyland\services\diagnostics\Hyland.Diagnostics.NTService.exe [2008-11-27 24576]
S3 LicMan;LicMan;c:\program files\common files\odt-oce\licman\bin\LicMan.exe [2005-11-9 798720]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [2006-11-17 8320]
S3 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
S3 MXBULK;DualCam Still, MXBulk3.Sys;c:\windows\system32\drivers\MXBulk3.sys [2009-1-13 50688]
S3 MXCap;DSC-06 Video Camera;c:\windows\system32\drivers\MXCap3.sys [2009-1-13 63104]
S3 NAVAP;NAVAP;\??\c:\program files\navnt\navap.sys --> c:\program files\navnt\NAVAP.sys [?]
S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20070829.009\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20070829.009\NAVENG.sys [?]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20070829.009\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20070829.009\NAVEX15.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 SQLAgent$ASCENTCAPTURE;SQLAgent$ASCENTCAPTURE;c:\program files\ascent\server\mssql$ascentcapture\binn\sqlagent.EXE [2005-5-3 323584]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql.2\mssql\binn\SQLAGENT90.EXE [2008-11-24 346976]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-9-1 575064]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [2005-4-21 14336]
S3 usbkey;USB Dongle;c:\windows\system32\drivers\USBkey.sys [2005-12-12 28848]

=============== Created Last 30 ================

2009-12-14 05:12:55 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-12-13 20:41:45 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2009-12-13 20:03:21 0 d-----w- c:\documents and settings\rxxxxxx.domain\SecurityScans
2009-12-13 19:58:27 0 d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2009-12-11 04:16:06 0 d-----w- c:\windows\system32\ACLSet
2009-12-11 02:18:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-10 20:00:22 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-10 20:00:17 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-10 20:00:16 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-10 20:00:12 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-10 20:00:07 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-10 19:58:56 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-12-10 19:57:57 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2009-12-10 19:56:57 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2009-12-10 19:55:58 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2009-12-10 19:54:58 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2009-12-10 19:53:56 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2009-12-10 19:52:56 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2009-12-10 19:51:57 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2009-12-10 19:50:58 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2009-12-10 19:49:56 79872 ----a-w- c:\windows\system32\dllcache\rwia430.dll
2009-12-10 19:48:59 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2009-12-10 19:47:56 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2009-12-10 19:46:56 116736 ----a-w- c:\windows\system32\dllcache\ovcodec2.dll
2009-12-10 19:45:55 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-12-10 19:44:57 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2009-12-10 19:43:57 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-10 19:42:59 606684 ----a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2009-12-10 19:41:59 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-12-10 19:40:59 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2009-12-10 19:39:57 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2009-12-10 19:38:57 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
2009-12-10 19:37:54 22090 ----a-w- c:\windows\system32\dllcache\fem556n5.sys
2009-12-10 19:36:59 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2009-12-10 19:35:58 952007 ----a-w- c:\windows\system32\dllcache\diwan.sys
2009-12-10 19:34:59 49792 ----a-w- c:\windows\system32\dllcache\cyzport.sys
2009-12-10 19:33:56 714698 ----a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2009-12-10 19:32:59 66728 ----a-w- c:\windows\system32\dllcache\big5.nls
2009-12-10 19:31:42 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-04 17:38:24 13061 ----a-w- c:\windows\cfgall.ini
2009-12-04 17:37:04 0 d-----w- c:\program files\Trend Micro
2009-12-03 21:14:57 0 d-----w- C:\swshare
2009-12-02 02:10:10 0 d-----w- c:\program files\Cisco
2009-12-02 02:10:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Cisco
2009-11-30 16:12:02 0 d-sh--w- c:\documents and settings\rxxxxxx.domain\IECompatCache
2009-11-30 16:09:57 0 d-sh--w- c:\documents and settings\rxxxxxx.domain\PrivacIE
2009-11-30 16:05:44 0 d-sh--w- c:\documents and settings\rxxxxxx.domain\IETldCache
2009-11-30 15:56:27 0 d-----w- c:\windows\ie8updates
2009-11-30 15:54:19 991232 ----a-w- c:\windows\system32\dllcache\ieframe.dll.mui
2009-11-30 15:54:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-11-30 15:54:19 63488 ----a-w- c:\windows\system32\dllcache\icardie.dll
2009-11-30 15:54:19 6067200 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2009-11-30 15:54:19 52224 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-30 15:54:19 459264 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-30 15:54:19 380928 ----a-w- c:\windows\system32\dllcache\ieapfltr.dll
2009-11-30 15:54:19 268288 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2009-11-30 15:54:19 2452872 ----a-w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-20 18:50:22 0 ----a-w- c:\windows\system32\6334.exe
2009-11-20 18:30:21 0 ----a-w- c:\windows\system32\18467.exe
2009-11-19 19:17:40 0 d-----w- c:\docume~1\rxxso~1.aid\applic~1\Cisco

==================== Find3M ====================

2009-12-11 02:18:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 04:08:54 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-08 19:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 19:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 19:57:00 220160 ----a-w- c:\windows\system32\dllcache\oleacc.dll
2009-10-08 19:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 19:56:56 20480 ----a-w- c:\windows\system32\dllcache\oleaccrc.dll
2009-05-04 14:38:40 371894 ----a-w- c:\program files\F5.AppIcon.ico
2009-03-11 17:12:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031120090312\index.dat

============= FINISH: 0:19:15.71 ===============


#2 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:39 PM

Posted 26 December 2009 - 03:14 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments, so I always request that HijackThis logs be posted as a reply to the thread. I do not think that you are attaching anything scary, but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 CopierGuy
  • Topic Starter

  • Members
  • 16 posts

Posted 26 December 2009 - 07:52 PM

Thanks Sue, here is the log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by R___xon at 2009-12-26 19:39:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (36%) free of 89 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:15 PM, on 12/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ascent\bin\acsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files\Hyland\Services\PageHandlers\Hyland.Core.PageHandlers.NTService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Square9\XML Transform\SSXMLConverter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\WINDOWS\TEMP\DH9409.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\FabSoftFP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\R___xon.domain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hyland\Application Enabler\AECommServer.exe
C:\Program Files\Hyland\Application Enabler\AEClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\R___xon.domain\Desktop\RSIT.exe
C:\Program Files\trend micro\R___xon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FabSoft Font Packager] C:\WINDOWS\system32\FabSoftFP.exe
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe /Station
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\R___xon.domain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{DC78AACC-D3E4-4D92-95E8-42AFD802B8DB}"" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [rrgui] "C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrgui.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://mail.appliedimaging.com
O15 - Trusted Zone: http://*.lcgrdms
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229659386703
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - http://www.contentpurity.com/xp/ScanFilexp.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = applimaging.com
O17 - HKLM\Software\..\Telephony: DomainName = applimaging.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = applimaging.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ascent Capture Service - Kofax Image Products - c:\program files\ascent\bin\acsvc.exe
O23 - Service: AutoStore Status Monitor Port Broker (ASMPB) - Notable Solutions, Inc. - C:\Program Files\NSI\AutoStore\ASMPB.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AutoStore - Notable Solutions, Inc. - C:\Program Files\NSI\AutoStore\batch.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: PrintFree Spooler Service (ControlSpoolService) - Unknown owner - C:\Program Files\PrintFree\DLL\F5SSpool.exe
O23 - Service: E-mail Archive Service (E-mail Archive) - Hyland Software, Inc. - C:\OnBase\EMArchiver.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: exe_dmwebsvcmgr - Hyland Software, Inc. - C:\Program Files\Hyland\Services\Web Server\dmwebsvcmgr.exe
O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
O23 - Service: PrintFree Directory Watch Service (Grn27fsm) - Unknown owner - C:\Program Files\PrintFree\DLL\F5SSubServices.exe
O23 - Service: PrintFree LPD Service (Grn27LPD) - Unknown owner - C:\Program Files\PrintFree\DLL\F5SSubServices.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyland PageHandlers Service (Hyland.Core.PageHandlers.NTService) - Hyland Software - C:\Program Files\Hyland\Services\PageHandlers\Hyland.Core.PageHandlers.NTService.exe
O23 - Service: Hyland Diagnostics Service (Hyland.Diagnostics.NTService) - Hyland Software, Inc. - C:\Program Files\Hyland\Services\Diagnostics\Hyland.Diagnostics.NTService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicMan - Océ Document Technologies GmbH - C:\Program Files\Common Files\ODT-OCE\LicMan\bin\LicMan.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Reform12 Spooler Service (Reform12_Spooler_Service) - FabSoft - C:\Program Files\Reform_Enterprise_v12\ReformEnt.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ssCaptureWorkflow (ssCaptureManager) - Square 9 Softworks - C:\GetSmart\ssCaptureManager.exe
O23 - Service: ssContentSearch (ssContentIndex) - Square 9 Softworks - C:\Program Files\Square9\Content Search\ssContentIndex.exe
O23 - Service: SSImp Engine - Unknown owner - C:\GetSmart\SSIMPORTERWS.exe
O23 - Service: SSXMLTransform - Unknown owner - C:\Program Files\Square9\XML Transform\SSXMLConverter.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 21018 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-13 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-30 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-13 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2008-07-03 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-01-21 344064]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"FtLnSOP_setup"=C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe [2007-09-27 118784]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"FabSoft Font Packager"=C:\WINDOWS\system32\FabSoftFP.exe [2005-07-07 401920]
"BLOG"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL [2005-04-20 208896]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"cssauth"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe [2006-08-21 1997568]
"PDService.exe"=C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-11-15 49152]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2007-08-30 205480]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2007-08-28 73728]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-10 98304]
"FJTWAIN Setup"=C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe [2007-03-08 131072]
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2005-04-20 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2005-04-20 396288]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-02-09 1165680]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-02-09 149024]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2009-07-29 425984]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2009-07-29 172032]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-03-03 72240]
"VMware hqtray"=C:\Program Files\VMware\VMware Workstation\hqtray.exe [2008-03-03 55856]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2007-05-07 702072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPMN"=C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe [2007-09-21 49152]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-12 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
"Google Update"=C:\Documents and Settings\R___xon.domain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-04 135664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2009-07-29 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-21 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2001-09-24 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PRISMAPI.DLL]
C:\WINDOWS\system32\PRISMAPI.DLL [2006-10-12 450649]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2009-05-21 100104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
"notification packages"=csspwntfy
ACGina
psqlpwd
ACGina
ACGina
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"DisableTaskMgr"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\ucsmb.exe"="C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\Reform\AutoUpd.exe"="C:\Program Files\Reform\AutoUpd.exe:*:Enabled:AutoUpd"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\Work area and demodata\Tasman\Bin\javaw.exe"="C:\Work area and demodata\Tasman\Bin\javaw.exe:*:Enabled:javaw"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java launcher"
"C:\Program Files\SimpleCopier\simplecopier.exe"="C:\Program Files\SimpleCopier\simplecopier.exe:*:Enabled:SimpleCopier"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\R___xon.domain\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe"="C:\Documents and Settings\R___xon.domain\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\ucsmb.exe"="C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\Program Files\Reform\AutoUpd.exe"="C:\Program Files\Reform\AutoUpd.exe:*:Enabled:AutoUpd"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\WS_FTP\WS_FTP95.exe"="C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Program Files\dtSearch\bin\dts_svr.exe"="C:\Program Files\dtSearch\bin\dts_svr.exe:*:Enabled:dts_svr"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Disabled:Microsoft Office Word"
"C:\Work area and demodata\Tasman\Bin\javaw.exe"="C:\Work area and demodata\Tasman\Bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\Reform\Queue\ReformToECabinet.exe"="C:\Program Files\Reform\Queue\ReformToECabinet.exe:*:Enabled:ReformToECabinet"
"C:\Program Files\SimpleCopier\simplecopier.exe"="C:\Program Files\SimpleCopier\simplecopier.exe:*:Enabled:SimpleCopier"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\R___xon.domain\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe"="C:\Documents and Settings\R___xon.domain\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client"
"C:\Program Files\Hyland\Services\Workflow\Admin\Hyland.Applications.Workflow.Timers.Admin.exe"="C:\Program Files\Hyland\Services\Workflow\Admin\Hyland.Applications.Workflow.Timers.Admin.exe:*:Enabled:Hyland.Applications.Workflow.TimersAdmin"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df0cd144-19c2-11dc-aba1-0012f0e8dd96}]
shell\AutoRun\command - D:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-12-26 19:39:52 ----D---- C:\rsit
2009-12-25 22:45:38 ----D---- C:\Program Files\Common Files\Hyland
2009-12-25 15:35:20 ----SHD---- C:\Config.Msi
2009-12-21 12:11:29 ----HDC---- C:\WINDOWS\ie7
2009-12-20 19:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-20 19:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-20 16:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-20 16:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-20 16:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-20 16:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-20 16:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-20 16:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\zh-TW
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\zh-HK
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\tr-TR
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\sv-SE
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\pt-BR
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\nl-NL
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\nb-NO
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\ko-KR
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\it-IT
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\he-IL
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\fr-FR
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\fi-FI
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\es-ES
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\el-GR
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\de-DE
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\da-DK
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\ar-SA
2009-12-20 13:36:41 ----D---- C:\WINDOWS\Prefetch
2009-12-20 09:50:34 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\FileZilla
2009-12-20 09:50:18 ----D---- C:\Program Files\FileZilla FTP Client
2009-12-20 09:17:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-12-20 09:10:32 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-12-20 09:10:15 ----A---- C:\WINDOWS\system32\comsdupd.exe
2009-12-20 09:10:04 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2009-12-20 09:10:04 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2009-12-20 09:10:03 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-12-20 09:10:03 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2009-12-20 09:10:02 ----A---- C:\WINDOWS\system32\credssp.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3svc.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3msm.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3api.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dimsroam.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\eapphost.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\eappgnui.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\eappcfg.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\eapolqec.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\dot3ui.dll
2009-12-20 09:09:59 ----A---- C:\WINDOWS\system32\eapsvc.dll
2009-12-20 09:09:59 ----A---- C:\WINDOWS\system32\eapqec.dll
2009-12-20 09:09:59 ----A---- C:\WINDOWS\system32\eappprxy.dll
2009-12-20 09:09:58 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2009-12-20 09:09:56 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2009-12-20 09:09:56 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2009-12-20 09:09:55 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2009-12-20 09:09:55 ----A---- C:\WINDOWS\system32\kmsvc.dll
2009-12-20 09:09:55 ----A---- C:\WINDOWS\system32\kbdpash.dll
2009-12-20 09:09:55 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2009-12-20 09:09:54 ----A---- C:\WINDOWS\system32\mmcperf.exe
2009-12-20 09:09:54 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-12-20 09:09:54 ----A---- C:\WINDOWS\system32\mmcex.dll
2009-12-20 09:09:54 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-12-20 09:09:53 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2009-12-20 09:09:53 ----A---- C:\WINDOWS\system32\mssha.dll
2009-12-20 09:09:51 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2009-12-20 09:09:50 ----A---- C:\WINDOWS\system32\napstat.exe
2009-12-20 09:09:50 ----A---- C:\WINDOWS\system32\napmontr.dll
2009-12-20 09:09:50 ----A---- C:\WINDOWS\system32\napipsec.dll
2009-12-20 09:09:47 ----A---- C:\WINDOWS\system32\onex.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\s3gnb.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\rasqec.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\qutil.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\qcliprov.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\qagentrt.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\qagent.dll
2009-12-20 09:09:45 ----A---- C:\WINDOWS\system32\slrundll.exe
2009-12-20 09:09:45 ----A---- C:\WINDOWS\system32\slgen.dll
2009-12-20 09:09:45 ----A---- C:\WINDOWS\system32\slextspk.dll
2009-12-20 09:09:45 ----A---- C:\WINDOWS\system32\slcoinst.dll
2009-12-20 09:09:45 ----A---- C:\WINDOWS\system32\setupn.exe
2009-12-20 09:09:44 ----A---- C:\WINDOWS\system32\tspkg.dll
2009-12-20 09:09:44 ----A---- C:\WINDOWS\system32\slserv.exe
2009-12-20 09:09:43 ----A---- C:\WINDOWS\system32\wlanapi.dll
2009-12-20 09:09:40 ----N---- C:\WINDOWS\slrundll.exe
2009-12-20 09:04:09 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-20 08:57:20 ----A---- C:\WINDOWS\003409_.tmp
2009-12-20 08:53:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-20 01:56:19 ----A---- C:\WINDOWS\system32\snprfdll.dll
2009-12-20 01:56:18 ----A---- C:\WINDOWS\system32\smtpctrs.ini
2009-12-20 01:56:18 ----A---- C:\WINDOWS\system32\smtpctrs.dll
2009-12-20 01:56:18 ----A---- C:\WINDOWS\system32\regtrace.exe
2009-12-20 01:56:18 ----A---- C:\WINDOWS\system32\ntfsdrct.ini
2009-12-20 01:56:18 ----A---- C:\WINDOWS\system32\fcachdll.dll
2009-12-20 01:56:18 ----A---- C:\WINDOWS\system32\adsiisex.dll
2009-12-20 01:55:30 ----A---- C:\WINDOWS\system32\w3svapi.dll
2009-12-20 01:55:30 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2009-12-20 01:55:30 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2009-12-20 01:55:30 ----A---- C:\WINDOWS\system32\axperf.ini
2009-12-20 01:55:29 ----A---- C:\WINDOWS\system32\iisrstap.dll
2009-12-20 01:55:29 ----A---- C:\WINDOWS\system32\iisreset.exe
2009-12-20 01:55:29 ----A---- C:\WINDOWS\system32\aspperf.dll
2009-12-20 01:55:28 ----A---- C:\WINDOWS\system32\wamregps.dll
2009-12-20 01:55:28 ----A---- C:\WINDOWS\system32\inetsloc.dll
2009-12-20 01:55:28 ----A---- C:\WINDOWS\system32\iismui.dll
2009-12-20 01:55:28 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2009-12-20 01:55:27 ----A---- C:\WINDOWS\system32\infoctrs.ini
2009-12-20 01:55:27 ----A---- C:\WINDOWS\system32\infoctrs.dll
2009-12-20 01:55:27 ----A---- C:\WINDOWS\system32\convlog.exe
2009-12-20 01:55:26 ----A---- C:\WINDOWS\system32\admxprox.dll
2009-12-20 01:55:24 ----A---- C:\WINDOWS\system32\smtpapi.dll
2009-12-20 01:55:24 ----A---- C:\WINDOWS\system32\rwnh.dll
2009-12-20 01:55:24 ----A---- C:\WINDOWS\system32\iisext.dll
2009-12-20 01:55:24 ----A---- C:\WINDOWS\system32\adsiis.dll
2009-12-20 01:55:23 ----A---- C:\WINDOWS\system32\infoadmn.dll
2009-12-20 01:55:23 ----A---- C:\WINDOWS\system32\iisrtl.dll
2009-12-20 01:55:23 ----A---- C:\WINDOWS\system32\iismap.dll
2009-12-20 01:55:23 ----A---- C:\WINDOWS\system32\exstrace.dll
2009-12-19 14:54:11 ----A---- C:\WINDOWS\000001_.tmp
2009-12-18 13:11:46 ----D---- C:\Program Files\Aladdin
2009-12-14 09:15:00 ----A---- C:\RootRepeal report 12-14-09 (09-15-00).txt
2009-12-14 00:12:55 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe
2009-12-13 14:58:27 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-12-10 23:16:06 ----D---- C:\WINDOWS\system32\ACLSet
2009-12-10 21:18:49 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-10 21:18:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-10 21:18:49 ----A---- C:\WINDOWS\system32\java.exe
2009-12-10 21:18:27 ----D---- C:\Program Files\Java
2009-12-04 12:38:24 ----A---- C:\WINDOWS\cfgall.ini
2009-12-04 12:37:04 ----D---- C:\Program Files\Trend Micro
2009-12-03 16:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2009-12-03 16:14:57 ----D---- C:\swshare
2009-12-03 11:48:32 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\Mozilla
2009-12-01 21:10:10 ----D---- C:\Program Files\Cisco
2009-12-01 21:10:10 ----D---- C:\Documents and Settings\All Users\Application Data\Cisco
2009-11-30 10:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-30 10:56:27 ----D---- C:\WINDOWS\ie8updates
2009-11-30 10:54:19 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-11-30 10:49:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-20 13:50:22 ----A---- C:\WINDOWS\system32\6334.exe
2009-11-20 13:30:21 ----A---- C:\WINDOWS\system32\18467.exe
2009-11-19 14:17:40 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\Cisco
2009-11-11 20:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-09 20:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2009-11-09 20:51:46 ----D---- C:\WINDOWS\system32\windowspowershell
2009-11-09 20:51:43 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2009-11-04 16:19:57 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\Macrovision
2009-10-21 15:35:41 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\Zeon
2009-10-21 15:26:51 ----D---- C:\Documents and Settings\All Users\Application Data\Nuance
2009-10-21 15:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\zeon
2009-10-21 15:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2009-10-21 15:22:49 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\.oit
2009-10-21 15:21:42 ----D---- C:\Program Files\ScanSoft
2009-10-16 11:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975254$
2009-10-16 11:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-16 11:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-16 11:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-16 11:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-16 11:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-16 11:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-16 10:59:02 ----D---- C:\WINDOWS\SQL9_KB970892_ENU
2009-10-16 10:56:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-16 10:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-16 10:55:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-09 10:06:15 ----A---- C:\WINDOWS\system32\TweakUI.exe
2009-10-08 16:03:53 ----D---- C:\Program Files\VS Revo Group
2009-10-07 23:01:12 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\Intel
2009-10-07 23:01:05 ----D---- C:\Program Files\Common Files\Intel
2009-10-07 23:01:05 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2009-10-07 23:00:19 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\Avaya
2009-10-07 22:34:13 ----D---- C:\Program Files\Common Files\SPBA
2009-10-07 22:33:22 ----D---- C:\Program Files\ThinkVantage Fingerprint Software
2009-10-07 20:42:43 ----D---- C:\Documents and Settings\All Users\Application Data\PCDr
2009-10-07 19:36:25 ----D---- C:\SWTOOLS
2009-10-06 18:20:54 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 3 months======

2009-12-26 19:35:31 ----A---- C:\WINDOWS\onbase.ini
2009-12-26 18:23:45 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\VMware
2009-12-26 18:23:06 ----RSHD---- C:\RRbackups
2009-12-26 18:22:19 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-26 18:21:59 ----D---- C:\WINDOWS\Temp
2009-12-26 18:20:47 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2009-12-26 18:20:33 ----D---- C:\Program Files\Reform_Enterprise_v12
2009-12-26 18:20:17 ----D---- C:\WINDOWS\Registration
2009-12-26 18:20:16 ----AD---- C:\WINDOWS
2009-12-26 00:10:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 22:49:03 ----A---- C:\moduleName.txt
2009-12-25 22:45:40 ----SHD---- C:\WINDOWS\Installer
2009-12-25 22:45:38 ----D---- C:\Program Files\Common Files
2009-12-25 22:19:56 ----A---- C:\WINDOWS\ODBC.INI
2009-12-25 16:05:02 ----AD---- C:\WINDOWS\system32
2009-12-25 16:05:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 15:58:57 ----D---- C:\Program Files\Hyland
2009-12-25 15:44:33 ----D---- C:\WINDOWS\system32\appmgmt
2009-12-25 09:06:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 08:56:14 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-25 08:27:38 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-25 00:32:51 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-25 00:32:50 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 00:32:24 ----HD---- C:\WINDOWS\inf
2009-12-25 00:31:33 ----D---- C:\WINDOWS\system32\dllcache
2009-12-25 00:31:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-25 00:30:28 ----RSD---- C:\WINDOWS\assembly
2009-12-25 00:30:22 ----D---- C:\WINDOWS\WinSxS
2009-12-23 15:39:24 ----D---- C:\Program Files\Internet Explorer
2009-12-23 14:57:20 ----D---- C:\Temp
2009-12-23 14:24:41 ----D---- C:\WINDOWS\system32\en-US
2009-12-23 13:10:48 ----D---- C:\WINDOWS\security
2009-12-22 15:01:52 ----A---- C:\WINDOWS\imsins.BAK
2009-12-22 15:01:38 ----D---- C:\WINDOWS\ie7updates
2009-12-22 15:01:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-22 08:23:50 ----D---- C:\WINDOWS\system32\drivers
2009-12-21 21:45:56 ----N---- C:\WINDOWS\system.ini
2009-12-21 21:45:56 ----ASH---- C:\BOOT.INI
2009-12-21 21:45:56 ----A---- C:\WINDOWS\win.ini
2009-12-21 13:13:03 ----D---- C:\WINDOWS\Help
2009-12-21 12:12:55 ----D---- C:\WINDOWS\WBEM
2009-12-21 12:12:45 ----D---- C:\WINDOWS\Media
2009-12-20 18:05:29 ----A---- C:\WINDOWS\system32\dmmailsvc.dll
2009-12-20 16:44:55 ----SD---- C:\WINDOWS\Tasks
2009-12-20 16:41:15 ----D---- C:\WINDOWS\AppPatch
2009-12-20 16:41:14 ----D---- C:\WINDOWS\system32\wbem
2009-12-20 16:36:28 ----AD---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-20 16:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-20 16:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-20 16:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-20 16:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-20 16:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-20 16:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-20 16:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-20 16:10:29 ----D---- C:\Program Files\Outlook Express
2009-12-20 16:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-20 16:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-20 16:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-20 16:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-20 16:09:29 ----A---- C:\WINDOWS\iis6.BAK
2009-12-20 16:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-20 16:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-12-20 16:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-20 16:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-20 16:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-20 16:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-20 16:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-20 16:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-20 16:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-20 16:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-20 16:04:14 ----D---- C:\Program Files\Messenger
2009-12-20 16:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-20 13:39:08 ----A---- C:\WINDOWS\setuplog.txt
2009-12-20 13:35:40 ----D---- C:\WINDOWS\system32\Setup
2009-12-20 09:50:18 ----RD---- C:\Program Files
2009-12-20 09:10:13 ----D---- C:\WINDOWS\network diagnostic
2009-12-20 09:10:12 ----D---- C:\WINDOWS\ime
2009-12-20 09:09:40 ----D---- C:\WINDOWS\system32\usmt
2009-12-20 09:09:39 ----D---- C:\WINDOWS\system32\scripting
2009-12-20 09:09:33 ----D---- C:\WINDOWS\l2schemas
2009-12-20 09:09:32 ----D---- C:\WINDOWS\system32\en
2009-12-20 09:09:31 ----D---- C:\WINDOWS\system32\bits
2009-12-20 09:09:31 ----D---- C:\WINDOWS\PeerNet
2009-12-20 09:09:30 ----D---- C:\Program Files\Movie Maker
2009-12-20 09:03:37 ----D---- C:\WINDOWS\system32\Restore
2009-12-20 09:03:37 ----D---- C:\WINDOWS\system32\npp
2009-12-20 09:03:36 ----D---- C:\WINDOWS\mui
2009-12-20 09:03:34 ----D---- C:\WINDOWS\msagent
2009-12-20 09:03:31 ----D---- C:\WINDOWS\srchasst
2009-12-20 09:03:30 ----D---- C:\Program Files\NetMeeting
2009-12-20 09:03:27 ----D---- C:\WINDOWS\system32\Com
2009-12-20 09:03:22 ----D---- C:\Program Files\Windows Media Player
2009-12-20 09:03:21 ----D---- C:\Program Files\Windows NT
2009-12-20 09:03:15 ----D---- C:\Program Files\Common Files\System
2009-12-20 09:02:50 ----AD---- C:\WINDOWS\system32\oobe
2009-12-20 09:02:47 ----D---- C:\WINDOWS\system
2009-12-20 08:57:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-20 08:53:17 ----D---- C:\WINDOWS\ehome
2009-12-20 01:59:43 ----D---- C:\Inetpub
2009-12-20 01:35:49 ----D---- C:\OBDEMO2008
2009-12-20 01:13:33 ----D---- C:\WINDOWS\addins
2009-12-20 00:49:53 ----A---- C:\WINDOWS\ModemLog_ThinkPad Integrated 56K Modem.txt
2009-12-19 20:29:12 ----D---- C:\Program Files\Canon
2009-12-19 20:23:51 ----D---- C:\Program Files\Sonic
2009-12-19 20:16:59 ----D---- C:\Program Files\Quick Screen Capture
2009-12-19 20:16:35 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\ScanSoft
2009-12-19 20:16:35 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-12-19 16:48:30 ----D---- C:\Program Files\Panda Security
2009-12-19 11:09:15 ----D---- C:\GetSmart
2009-12-17 20:14:52 ----ASD---- C:\Documents and Settings\R___xon.domain\Application Data\Microsoft
2009-12-17 20:14:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-17 20:14:51 ----ASD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-16 23:04:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-13 20:46:23 ----D---- C:\Program Files\Google
2009-12-13 14:54:55 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-10 21:18:33 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-10 19:50:23 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-09 16:25:16 ----D---- C:\WINDOWS\system32\config
2009-12-04 07:42:27 ----SHD---- C:\RECYCLER
2009-12-04 01:04:07 ----D---- C:\Program Files\Windows Live Safety Center
2009-12-04 00:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-04 00:02:00 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-01 15:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-30 10:17:12 ----AD---- C:\Documents and Settings
2009-11-24 09:15:36 ----D---- C:\Program Files\Ascent Pricing Configurator
2009-11-17 14:08:20 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\webex
2009-11-05 19:13:58 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2009-11-05 19:12:58 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\ZoomBrowser EX
2009-11-04 16:39:34 ----D---- C:\OnBase Printer Spool
2009-11-04 15:53:35 ----A---- C:\WINDOWS\system32\vprinter.ini
2009-11-03 15:24:04 ----A---- C:\WINDOWS\system32\RPCS.ini
2009-10-29 12:24:12 ----A---- C:\WINDOWS\Vcdem32p.INI
2009-10-29 11:13:28 ----A---- C:\WINDOWS\setscan.ini
2009-10-29 02:46:59 ----A---- C:\WINDOWS\system32\wininet.dll
2009-10-29 02:46:59 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\url.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\occache.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\mstime.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\msrating.dll
2009-10-29 02:46:57 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-10-29 02:46:57 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-29 02:46:55 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-10-29 02:46:55 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-10-29 02:46:55 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-10-29 02:46:54 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-10-29 02:46:54 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-10-29 02:46:54 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-10-29 02:46:52 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\icardie.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-10-29 02:46:50 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-10-29 02:46:50 ----A---- C:\WINDOWS\system32\corpol.dll
2009-10-29 02:46:50 ----A---- C:\WINDOWS\system32\advpack.dll
2009-10-29 00:38:22 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-10-28 09:36:11 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-10-28 09:36:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-10-28 01:52:46 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-10-22 14:22:53 ----D---- C:\MyWorking
2009-10-22 12:32:45 ----A---- C:\WINDOWS\system32\tsmmc.msc
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-10-20 20:11:57 ----D---- C:\Program Files\Microsoft Works
2009-10-20 11:46:57 ----D---- C:\Documents and Settings\R___xon.domain\Application Data\U3
2009-10-16 10:59:45 ----D---- C:\Program Files\Microsoft SQL Server
2009-10-13 13:58:01 ----D---- C:\OnBase
2009-10-13 05:30:16 ----A---- C:\WINDOWS\system32\oakley.dll
2009-10-12 08:38:19 ----A---- C:\WINDOWS\system32\rastls.dll
2009-10-12 08:38:18 ----A---- C:\WINDOWS\system32\raschap.dll
2009-10-09 10:07:41 ----D---- C:\WINDOWS\Downloaded Installations
2009-10-08 14:57:02 ----A---- C:\WINDOWS\system32\uiautomationcore.dll
2009-10-08 14:57:00 ----A---- C:\WINDOWS\system32\oleacc.dll
2009-10-08 14:56:56 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2009-10-08 09:35:51 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-10-07 23:01:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-07 23:01:05 ----D---- C:\Program Files\Intel
2009-10-07 22:21:07 ----D---- C:\Program Files\PCDR5
2009-10-07 21:08:03 ----D---- C:\Program Files\Common Files\Lenovo
2009-10-07 21:08:00 ----D---- C:\Program Files\Lenovo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2009-07-21 11520]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-11-14 73288]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2005-04-20 16384]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2006-05-26 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-03-09 7168]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2004-06-19 120483]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2004-11-04 26672]
R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\WINDOWS\system32\drivers\VCdRom.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-26 20747]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 InAspi32;InAspi32; \??\C:\WINDOWS\system32\drivers\InAspi32.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NTPDA;NTPDA; C:\WINDOWS\system32\drivers\NTPDA.sys [2001-12-13 3446]
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2004-09-10 84064]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
R2 tifsfilter;Maxtor MaxBlast FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-01-27 44384]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-03-03 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2005-04-14 70144]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-21 2156032]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-10-18 242304]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2009-03-19 25000]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-01-07 30144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-10 260224]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-12-08 50832]
R3 TPInput;TPInput; C:\WINDOWS\System32\DRIVERS\TPInput.sys [2006-09-26 6528]
R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2005-10-09 17792]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-03-03 16816]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 327808]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2005-07-20 100096]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2006-10-26 357344]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2003-09-23 7296]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys []
S3 memcard;PCMCIA Memory Card Driver; C:\WINDOWS\system32\DRIVERS\memcard.sys [2001-08-17 8320]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 MXBULK;DualCam Still, MXBulk3.Sys; C:\WINDOWS\System32\Drivers\MXBulk3.sys [2002-01-22 50688]
S3 MXCap;DSC-06 Video Camera; C:\WINDOWS\system32\DRIVERS\MXCap3.sys [2002-04-17 63104]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAVAP;NAVAP; \??\C:\Program Files\NavNT\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070829.009\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070829.009\NAVEX15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-04-17 16694]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-09-22 9856]
S3 portio;TPM Service; C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-05-19 13757]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNTNLUSB;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2004-09-10 27056]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1; C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 14336]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbkey;USB Dongle; C:\WINDOWS\system32\DRIVERS\USBKey.sys [2003-01-01 28848]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 vmusb;VMware USB Client Driver; C:\WINDOWS\System32\Drivers\vmusb.sys [2008-03-03 30768]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-02-03 20152]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2006-11-01 128104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2009-07-29 98304]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2009-07-29 221184]
R2 Ascent Capture Service;Ascent Capture Service; c:\program files\ascent\bin\acsvc.exe [2006-09-21 40960]
R2 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-21 483328]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
R2 FJTWMKSV;FJTWMKSV; C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe [2007-03-08 45056]
R2 Hyland.Core.PageHandlers.NTService;Hyland PageHandlers Service; C:\Program Files\Hyland\Services\PageHandlers\Hyland.Core.PageHandlers.NTService.exe [2008-11-27 20480]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2009-03-19 38176]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-10 153376]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe [2007-06-22 95592]
R2 MSSQL$ASCENTCAPTURE;MSSQL$ASCENTCAPTURE; C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe [2005-05-03 9150464]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2007-05-07 771704]
R2 PRISMSVC;PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [2006-10-12 61529]
R2 Reform12_Spooler_Service;Reform12 Spooler Service; C:\Program Files\Reform_Enterprise_v12\ReformEnt.exe [2009-05-26 6459904]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-02-27 909312]
R2 SentinelProtectionServer;SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2004-09-10 189536]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SSXMLTransform;SSXMLTransform; C:\Program Files\Square9\XML Transform\SSXMLConverter.exe [2008-07-02 32768]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2009-06-12 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2007-05-07 796280]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TSSCoreService;TSS Core Service; C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe [2005-12-21 722480]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2006-08-21 1384448]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-03-03 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-03-03 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-03-03 150064]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R3 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-02-09 407072]
R3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2007-04-27 575064]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
S2 ssCaptureManager;ssCaptureWorkflow; C:\GetSmart\ssCaptureManager.exe [2009-10-02 14848]
S2 ssContentIndex;ssContentSearch; C:\Program Files\Square9\Content Search\ssContentIndex.exe [2009-03-19 15360]
S2 SSImp Engine;SSImp Engine; C:\GetSmart\SSIMPORTERWS.exe [2009-09-11 32768]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-11-16 69632]
S3 ASMPB;AutoStore Status Monitor Port Broker; C:\Program Files\NSI\AutoStore\ASMPB.exe [2007-01-11 102400]
S3 AutoStore;AutoStore; C:\Program Files\NSI\AutoStore\batch.exe [2007-01-11 69632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 ControlSpoolService;PrintFree Spooler Service; C:\Program Files\PrintFree\DLL\F5SSpool.exe [2008-12-17 593920]
S3 E-mail Archive;E-mail Archive Service; C:\OnBase\EMArchiver.exe [2007-11-09 17158144]
S3 exe_dmwebsvcmgr;exe_dmwebsvcmgr; C:\Program Files\Hyland\Services\Web Server\dmwebsvcmgr.exe [2008-11-27 1822720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 Grn27fsm;PrintFree Directory Watch Service; C:\Program Files\PrintFree\DLL\F5SSubServices.exe [2008-12-17 98816]
S3 Grn27LPD;PrintFree LPD Service; C:\Program Files\PrintFree\DLL\F5SSubServices.exe [2008-12-17 98816]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-13 182768]
S3 Hyland.Diagnostics.NTService;Hyland Diagnostics Service; C:\Program Files\Hyland\Services\Diagnostics\Hyland.Diagnostics.NTService.exe [2008-11-27 24576]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LicMan;LicMan; C:\Program Files\Common Files\ODT-OCE\LicMan\bin\LicMan.exe [2005-11-09 798720]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S3 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 SQLAgent$ASCENTCAPTURE;SQLAgent$ASCENTCAPTURE; C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlagent.EXE [2005-05-03 323584]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE [2008-11-24 346976]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2007-11-30 186928]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]

-----------------EOF-----------------
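The driver and service lists above follow one fixed DDS line format: state (R running / S stopped), start type 0-4, then `name;description; path [date size]`, with empty `[]` where DDS could not read the file. The following Python triage script is an added example for this thread, not part of the DDS tool or of anything CopierGuy or the helpers posted. It parses that format, builds a worklist of entries with no file metadata, entries whose binary lives outside the usual Windows and Program Files roots (the `TRUSTED_ROOTS` tuple is my assumption for an XP box, not something DDS defines), and services that share one host executable. The sample input is a handful of lines copied from the log above. None of the notes is a verdict: the same log shows many legitimate VMware and Trend Micro drivers with empty `[]` metadata, so each item only says what to check by hand.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One DDS driver/service line looks like
#   R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
# state R/S, start type 0-4, name;description; path [date size] (or [] when DDS
# could not read the file).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)

# Roots where Windows and normally installed software live on an XP box.
# This list is an assumption for the example, not something DDS defines.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    running: bool
    start: int          # 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
    name: str
    desc: str
    path: str           # with the \??\ object-manager prefix removed
    date: Optional[str]
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS entry; return None for headers, blanks and the EOF marker."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date = size = None
    meta = m.group("meta").split()
    if len(meta) == 2:
        date, size = meta[0], int(meta[1])
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    return Entry(m.group("state") == "R", int(m.group("start")),
                 m.group("name"), m.group("desc"), path, date, size)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Build a worklist of (service name, note) pairs for manual follow-up.

    None of these notes is evidence of infection on its own: the posted log
    shows many legitimate VMware and Trend Micro drivers with empty [] metadata.
    """
    notes: List[Tuple[str, str]] = []
    by_binary: Dict[str, List[str]] = {}
    for e in entries:
        by_binary.setdefault(e.path.lower(), []).append(e.name)
        if e.size is None:
            notes.append((e.name, "no date/size recorded: confirm the file exists "
                                  "on disk and check its signature"))
        if not e.path.lower().startswith(TRUSTED_ROOTS):
            notes.append((e.name, "binary outside Windows/Program Files: " + e.path))
    # Several services sharing one host binary is normal (svchost, inetinfo),
    # but it shows which exposed services a single executable carries.
    for path, names in by_binary.items():
        if len(names) > 1:
            notes.append((", ".join(names), "share one host binary: " + path))
    return notes


# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
S2 ssCaptureManager;ssCaptureWorkflow; C:\GetSmart\ssCaptureManager.exe [2009-10-02 14848]
S3 E-mail Archive;E-mail Archive Service; C:\OnBase\EMArchiver.exe [2007-11-09 17158144]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
S4 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
-----------------EOF-----------------
"""

if __name__ == "__main__":
    for name, note in review(parse_log(SAMPLE_LOG)):
        print(f"{name}: {note}")
```

Run against the full posted log, the script turns a few hundred lines into a short list: the `\??\`-prefixed entries with no metadata (mostly VMware, Trend Micro, dongle drivers), the handful of services installed under C:\GetSmart and C:\OnBase, and the inetinfo.exe / tcpsvcs.exe / svchost.exe groupings that show which network-facing services this one machine is carrying.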

#4 suebaby41
    W.A.M. (Women Against Malware)
  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:39 PM

Posted 27 December 2009 - 04:14 PM

Is this a business computer?
If it is, are you the domain administrator? If you are not, have you informed your domain administrator, (business manager, Systems Analyst, or Information Technology (IT) Specialist)?

I ask because I do not help in cleaning business or corporate computers for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 CopierGuy
  • Topic Starter
  • Members
  • 16 posts
  • Local time:05:39 PM

Posted 27 December 2009 - 04:43 PM

I am the domain admin. I would not hold you responsible for any problems or loss of data, but I understand if you need to stop.

#6 suebaby41
    W.A.M. (Women Against Malware)
  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:39 PM

Posted 27 December 2009 - 06:23 PM

I do not feel comfortable working on business computers. If you like, I can post your url so that someone who does feel comfortable will take over.

#7 CopierGuy
  • Topic Starter
  • Members
  • 16 posts
  • Local time:05:39 PM

Posted 28 December 2009 - 01:16 PM

Yes, please do.

#8 schrauber
    Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:39 PM

Posted 30 December 2009 - 01:41 PM

Hello, CopierGuy
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 CopierGuy
  • Topic Starter
  • Members
  • 16 posts
  • Local time:05:39 PM

Posted 30 December 2009 - 07:34 PM

GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-30 19:24:33
Windows 5.1.2600 Service Pack 3
Running: y1t652bf.exe; Driver: C:\DOCUME~1\rxxxxxxxxSO~1.AID\LOCALS~1\Temp\pwrdapog.sys


---- System - GMER 1.0.15 ----

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B1CE416D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B1CE3FC2

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB16B4400, 0x6E6E2, 0xE8000020]
.protect˙˙˙˙hardlock C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlock" section [0xB173E820]
.protect˙˙˙˙hardlock C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB173E600, 0x512A, 0xE0000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BA5AE7AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BA5AE86E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BA5AE86E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BA5AE7AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BA5AE86E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BA5AE7AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA5AE86E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BA5AE7AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BA5AE86E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [BA5AE86E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [BA5AE7AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA5AE86E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA5AE7AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)

Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000ab hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000ac hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000ad hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000af hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Cdfs \Cdfs B01C6400

---- Files - GMER 1.0.15 ----

File C:\RRbackups\C 0 bytes
File C:\RRbackups\C\0 0 bytes
File C:\RRbackups\C\0\Data27 50003968 bytes
File C:\RRbackups\C\0\Data0 50003968 bytes
File C:\RRbackups\C\0\Data1 50003968 bytes
File C:\RRbackups\C\0\Data10 50003968 bytes
File C:\RRbackups\C\0\Data11 50003968 bytes
File C:\RRbackups\C\0\Data12 50003968 bytes
File C:\RRbackups\C\0\Data13 50003968 bytes
File C:\RRbackups\C\0\Data14 50003968 bytes
File C:\RRbackups\C\0\Data15 50003968 bytes
File C:\RRbackups\C\0\Data16 50003968 bytes
File C:\RRbackups\C\0\Data17 50003968 bytes
File C:\RRbackups\C\0\Data18 50003968 bytes
File C:\RRbackups\C\0\Data19 50003968 bytes
File C:\RRbackups\C\0\Data2 50003968 bytes
File C:\RRbackups\C\0\Data20 50003968 bytes
File C:\RRbackups\C\0\Data21 50003968 bytes
File C:\RRbackups\C\0\Data22 50003968 bytes
File C:\RRbackups\C\0\Data23 50003968 bytes
File C:\RRbackups\C\0\Data24 50003968 bytes
File C:\RRbackups\C\0\Data25 50003968 bytes
File C:\RRbackups\C\0\Data26 50003968 bytes
File C:\RRbackups\C\0\Data28 50003968 bytes
File C:\RRbackups\C\0\Data29 50003968 bytes
File C:\RRbackups\C\0\Data3 50003968 bytes
File C:\RRbackups\C\0\Data30 50003968 bytes
File C:\RRbackups\C\0\Data31 50003968 bytes
File C:\RRbackups\C\0\Data32 50003968 bytes
File C:\RRbackups\C\0\Data33 50003968 bytes
File C:\RRbackups\C\0\Data34 50003968 bytes
File C:\RRbackups\C\0\Data35 50003968 bytes
File C:\RRbackups\C\0\Data36 50003968 bytes
File C:\RRbackups\C\0\Data37 50003968 bytes
File C:\RRbackups\C\0\Data38 50003968 bytes
File C:\RRbackups\C\0\Data39 50003968 bytes
File C:\RRbackups\C\0\Data4 50003968 bytes
File C:\RRbackups\C\0\Data40 50003968 bytes
File C:\RRbackups\C\0\Data41 50003968 bytes
File C:\RRbackups\C\0\Data42 50003968 bytes
File C:\RRbackups\C\0\Data43 50003968 bytes
File C:\RRbackups\C\0\Data44 50003968 bytes
File C:\RRbackups\C\0\Data45 50003968 bytes
File C:\RRbackups\C\0\Data46 50003968 bytes
File C:\RRbackups\C\0\Data47 50003968 bytes
File C:\RRbackups\C\0\Data48 50003968 bytes
File C:\RRbackups\C\0\Data49 50003968 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-500\6b29ae44e85efac3c72ff4d1865d73f1_9c8ac797-7644-4f9c-9514-04dafd939dfe 53 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-500\83aa4cc77f591dfc2374580bbd95f6ba_9c8ac797-7644-4f9c-9514-04dafd939dfe 45 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-500\8f71098770f72c7a67cd8f1151619865_9c8ac797-7644-4f9c-9514-04dafd939dfe 54 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-500\932a2db58c237abd381d22df4c63a04a_9c8ac797-7644-4f9c-9514-04dafd939dfe 87 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-814181189-2252688351-4082718328-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-814181189-2252688351-4082718328-500\e99dd8f7-76fb-44d0-9fd2-30a62ec8908d 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-814181189-2252688351-4082718328-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-500 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-500\229560ff226d803edae6709d990da074_9c8ac797-7644-4f9c-9514-04dafd939dfe 889 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-500\533145ef011ddf5ca3983e2545a902b4_9c8ac797-7644-4f9c-9514-04dafd939dfe 2075 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-500\6b29ae44e85efac3c72ff4d1865d73f1_9c8ac797-7644-4f9c-9514-04dafd939dfe 53 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-500\a18ca4003deb042bbee7a40f15e1970b_9c8ac797-7644-4f9c-9514-04dafd939dfe 54 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-500 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-500\c081abb8-d200-4880-a6f1-ac8554d0b991 664 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\ThinkVantage 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\ThinkVantage\Client Security 0 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\ThinkVantage\Client Security\encobject.dat 6432 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\ThinkVantage\Client Security\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\ThinkVantage\Client Security\hwkeys.dat 4248 bytes
File C:\RRbackups\Documents and Settings\administrator.domain\Application Data\ThinkVantage\Client Security\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\229560ff226d803edae6709d990da074_9c8ac797-7644-4f9c-9514-04dafd939dfe 1713 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47f16650e00320917e549e2d3890f1cc_9c8ac797-7644-4f9c-9514-04dafd939dfe 1279 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f1e33ae101e8995b6a0df486430e1cf_9c8ac797-7644-4f9c-9514-04dafd939dfe 1305 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f508c4c96db26173075b515595057cc_9c8ac797-7644-4f9c-9514-04dafd939dfe 1276 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a436fe806e483969f48a894af2fe9a1_9c8ac797-7644-4f9c-9514-04dafd939dfe 1727 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2319c42033a5ca7f44e731bfd3fa2b5_9c8ac797-7644-4f9c-9514-04dafd939dfe 1746 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db31d639599ec9ead75c903166331b31_9c8ac797-7644-4f9c-9514-04dafd939dfe 2485 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_9c8ac797-7644-4f9c-9514-04dafd939dfe 52 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe002e1d54a3f03d7c11b77a2f5127e6_9c8ac797-7644-4f9c-9514-04dafd939dfe 1305 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\01c183163adea65e2018c124c6673f57_9c8ac797-7644-4f9c-9514-04dafd939dfe 2521 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_9c8ac797-7644-4f9c-9514-04dafd939dfe 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_9c8ac797-7644-4f9c-9514-04dafd939dfe 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_9c8ac797-7644-4f9c-9514-04dafd939dfe 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_9c8ac797-7644-4f9c-9514-04dafd939dfe 893 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\f3cc7887c7d1284877edd46ff56c1788_9c8ac797-7644-4f9c-9514-04dafd939dfe 56 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\ThinkVantage 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\ThinkVantage\Client Security 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\ThinkVantage\Client Security\encobject.dat 1608 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\ThinkVantage\Client Security\hwkeys.dat 4248 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\ThinkVantage\Client Security\symkeys.dat 656 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LogMeInRemoteUser 0 bytes
File C:\RRbackups\Documents and Settings\LogMeInRemoteUser\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\01c183163adea65e2018c124c6673f57_9c8ac797-7644-4f9c-9514-04dafd939dfe 2521 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\6d9ad05c-04fe-4c50-bfe9-d4a78bbbe078 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\6dcaefe5-88ae-4263-ae0c-9d50217c6baf 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-1005 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-1005\1e3acbc85d06980fa03ddb96aa15efd6_9c8ac797-7644-4f9c-9514-04dafd939dfe 48 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-1005\533145ef011ddf5ca3983e2545a902b4_9c8ac797-7644-4f9c-9514-04dafd939dfe 2075 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-1005\6b29ae44e85efac3c72ff4d1865d73f1_9c8ac797-7644-4f9c-9514-04dafd939dfe 53 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-1005\83aa4cc77f591dfc2374580bbd95f6ba_9c8ac797-7644-4f9c-9514-04dafd939dfe 45 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-1005\8f71098770f72c7a67cd8f1151619865_9c8ac797-7644-4f9c-9514-04dafd939dfe 54 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Crypto\RSA\S-1-5-21-814181189-2252688351-4082718328-1005\d3373934db3876521b92469651693893_9c8ac797-7644-4f9c-9514-04dafd939dfe 1278 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Protect\S-1-5-21-814181189-2252688351-4082718328-1005 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Protect\S-1-5-21-814181189-2252688351-4082718328-1005\1d5c6d64-6c0a-4fb8-847d-97914c3311f7 388 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Protect\S-1-5-21-814181189-2252688351-4082718328-1005\ae3ec8b7-3ed4-4795-8dda-8ab8148b57c1 388 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Protect\S-1-5-21-814181189-2252688351-4082718328-1005\f459add7-1c38-4452-9e97-c7990f6bcaa0 388 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\Protect\S-1-5-21-814181189-2252688351-4082718328-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\ThinkVantage 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\ThinkVantage\Client Security 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\ThinkVantage\Client Security\encobject.dat 6432 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\ThinkVantage\Client Security\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\ThinkVantage\Client Security\hwkeys.dat 4248 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson\Application Data\ThinkVantage\Client Security\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\71f5c59e50da4338d9b30d5df3570db2_9c8ac797-7644-4f9c-9514-04dafd939dfe 923 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\01c183163adea65e2018c124c6673f57_9c8ac797-7644-4f9c-9514-04dafd939dfe 2521 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\1e3acbc85d06980fa03ddb96aa15efd6_9c8ac797-7644-4f9c-9514-04dafd939dfe 48 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\229560ff226d803edae6709d990da074_9c8ac797-7644-4f9c-9514-04dafd939dfe 889 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\533145ef011ddf5ca3983e2545a902b4_9c8ac797-7644-4f9c-9514-04dafd939dfe 2075 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\637094b848b53858c699f2ce880165d5_9c8ac797-7644-4f9c-9514-04dafd939dfe 53 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\6b29ae44e85efac3c72ff4d1865d73f1_9c8ac797-7644-4f9c-9514-04dafd939dfe 53 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\7a3daf999738995895a840fd884c1888_9c8ac797-7644-4f9c-9514-04dafd939dfe 1305 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\83aa4cc77f591dfc2374580bbd95f6ba_9c8ac797-7644-4f9c-9514-04dafd939dfe 45 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\8f71098770f72c7a67cd8f1151619865_9c8ac797-7644-4f9c-9514-04dafd939dfe 54 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\932a2db58c237abd381d22df4c63a04a_9c8ac797-7644-4f9c-9514-04dafd939dfe 87 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\b36d04258dafb412c4cc9a6beafe3997_9c8ac797-7644-4f9c-9514-04dafd939dfe 1305 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1924535667-1747589258-483988704-1019\d3373934db3876521b92469651693893_9c8ac797-7644-4f9c-9514-04dafd939dfe 1278 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\74437496-3380-4d6f-a857-d164cb2acb60 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\1cb67b15-5834-4af4-9781-6e6a79bf972a 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\1cd5bac1-af48-439d-bc12-c2470974c568 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\24339b32-7575-4db9-8b80-19afd4651cb1 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\3b206d09-3bd1-4e66-9fd8-be6c228e831b 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\3f231280-5d61-4769-884d-b5673ac3a297 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\5a84cbbf-7c5b-4ac9-aaad-835e62ca9763 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\5f901a45-a2b6-44ac-b610-cef6d90b9511 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\7ae5c4c5-1821-4582-af14-a50799d8aa3a 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\7cc24d81-5045-4257-980d-4995af002567 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\81af35f7-57a7-48fa-ac57-8f1f7773d560 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\97896780-879b-4a2b-9861-e8a57ed572fc 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\bba99a71-7d77-401b-a7d6-d4a5be195ce7 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\c4de22e1-ed57-46b5-9856-13a740d5cd16 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\d1c723b3-96c0-4941-8dea-129453eeb91f 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\de7ea3cf-7b31-4d22-88a5-e890c3238727 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\fbf91bce-072d-4dfa-9fc4-67c4465809b7 664 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\Protect\S-1-5-21-1924535667-1747589258-483988704-1019\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\My\Keys 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\My\Keys\167B75994D4DAA003AD16C2EC4783A5D3E79F4DA 312 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\My\Keys\1C069682C0E4DA85B1950964B1A982AB8A0833AC 296 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\Request 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\Request\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\Request\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\Microsoft\SystemCertificates\Request\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\ThinkVantage 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\ThinkVantage\Client Security 0 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\ThinkVantage\Client Security\encobject.dat 6432 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\ThinkVantage\Client Security\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\ThinkVantage\Client Security\hwkeys.dat 4248 bytes
File C:\RRbackups\Documents and Settings\rxxxxxxxxson.domain\Application Data\ThinkVantage\Client Security\symkeys.dat 1968 bytes
File C:\RRbackups\hints.dat 8192 bytes
File C:\RRbackups\regcerts.dat 12288 bytes
File C:\RRbackups\SAM 262144 bytes
File C:\RRbackups\system 12320768 bytes
File C:\RRbackups\system.dat 12288 bytes
File C:\RRbackups\tvt.txt 12972 bytes
File C:\RRbackups\usersids.dat 30160 bytes

---- EOF - GMER 1.0.15 ----

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 31 December 2009 - 06:39 AM

Hi,

Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


#11 CopierGuy

CopierGuy
  • Topic Starter

  • Members
  • 16 posts

Posted 31 December 2009 - 09:42 AM

Here is the log:

ComboFix 09-12-30.04 - rxxxxxxxxon 12/31/2009 9:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1203 [GMT -5:00]
Running from: c:\documents and settings\rxxxxxxxxon.domain\Desktop\schrauber.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {624765C4-4E8B-47F1-B414-7F64B93B79D3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\rxxxxxxxxO~1.AID\LOCALS~1\Temp\install_flash_player.exe
c:\windows\Fonts\usps4cb.TTF
c:\windows\system32\18467.exe
c:\windows\system32\6334.exe
c:\windows\system32\Cache
f:\my documents\ZbThumbnail.info

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-28 17:51 . 2009-12-28 17:51 -------- d-----w- c:\program files\CCleaner
2009-12-28 14:26 . 2009-12-28 14:26 70984 ----a-w- c:\documents and settings\rxxxxxxxxon\g2mdlhlpx.exe
2009-12-27 20:20 . 2009-12-27 20:20 -------- d-----w- c:\windows\SQLTools9_KB934458_ENU
2009-12-27 00:39 . 2009-12-27 00:40 -------- d-----w- C:\rsit
2009-12-26 04:35 . 2009-12-26 04:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Square_9_Softworks
2009-12-26 03:49 . 2009-12-26 03:49 -------- d-----w- c:\documents and settings\rxxxxxxxxon\Local Settings\Application Data\Hyland Software, Inc
2009-12-26 03:45 . 2009-12-26 03:45 -------- d-----w- c:\program files\Common Files\Hyland
2009-12-26 03:06 . 2009-12-26 03:06 -------- d-----w- c:\documents and settings\rxxxxxxxxon\Local Settings\Application Data\Microsoft Help
2009-12-25 05:31 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-25 05:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-25 05:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-25 05:31 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-23 19:57 . 2009-12-23 19:57 -------- d-----w- c:\temp\SidToName
2009-12-23 19:57 . 2009-12-23 19:57 131418 ----a-w- c:\temp\SidToName.zip
2009-12-23 19:54 . 2009-12-23 19:54 -------- d-----w- c:\temp\sid
2009-12-23 19:54 . 2009-12-23 19:54 50773 ----a-w- c:\temp\sid.zip
2009-12-23 19:35 . 2009-12-23 19:35 80624 ----a-w- c:\temp\metaacl.exe
2009-12-20 20:19 . 2009-08-04 14:20 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-20 20:00 . 2009-08-04 15:13 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-20 17:51 . 2009-12-20 17:51 -------- d-sh--w- c:\documents and settings\rxxxxxxxxon\UserData
2009-12-20 14:50 . 2009-12-20 15:18 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\FileZilla
2009-12-20 14:50 . 2009-12-20 14:50 -------- d-----w- c:\program files\FileZilla FTP Client
2009-12-20 14:09 . 2008-04-14 10:41 59392 ----a-w- c:\windows\system32\eapqec.dll
2009-12-20 14:08 . 2008-04-14 10:41 8192 ----a-w- c:\windows\system32\dllcache\httpmb51.dll
2009-12-20 14:07 . 2008-04-14 10:42 267776 ----a-w- c:\windows\system32\dllcache\fxssvc.exe
2009-12-20 14:07 . 2008-04-14 10:41 400384 ----a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-12-20 14:07 . 2008-04-14 10:39 6656 ----a-w- c:\windows\system32\dllcache\fxsres.dll
2009-12-20 14:06 . 2008-04-14 10:41 246272 ----a-w- c:\windows\system32\dllcache\fxst30.dll
2009-12-20 14:06 . 2008-04-14 10:41 23552 ----a-w- c:\windows\system32\dllcache\fxsext32.dll
2009-12-20 14:06 . 2008-04-14 05:11 20736 ----a-w- c:\windows\system32\dllcache\ramdisk.sys
2009-12-20 14:06 . 2008-04-14 10:41 451584 ----a-w- c:\windows\system32\dllcache\fxsapi.dll
2009-12-20 14:06 . 2008-04-14 10:41 562176 ----a-w- c:\windows\system32\dllcache\fxsst.dll
2009-12-20 14:06 . 2008-04-14 10:41 192512 ----a-w- c:\windows\system32\dllcache\fxswzrd.dll
2009-12-20 14:06 . 2008-04-14 10:42 229376 ----a-w- c:\windows\system32\dllcache\fxscover.exe
2009-12-20 14:06 . 2008-04-14 10:41 397312 ----a-w- c:\windows\system32\dllcache\fxstiff.dll
2009-12-20 14:05 . 2008-04-14 10:41 72192 ----a-w- c:\windows\system32\dllcache\fxscom.dll
2009-12-20 14:05 . 2008-04-14 10:41 8704 ----a-w- c:\windows\system32\dllcache\fxsperf.dll
2009-12-20 14:05 . 2008-04-14 10:41 154112 ----a-w- c:\windows\system32\dllcache\fxsui.dll
2009-12-20 14:05 . 2008-04-14 10:41 55296 ----a-w- c:\windows\system32\dllcache\fxsevent.dll
2009-12-20 14:05 . 2008-04-14 10:41 26624 ----a-w- c:\windows\system32\dllcache\fxsdrv.dll
2009-12-20 14:04 . 2008-04-14 10:42 142848 ----a-w- c:\windows\system32\dllcache\fxsclnt.exe
2009-12-20 14:04 . 2009-12-20 14:10 -------- d-----w- c:\windows\ServicePackFiles
2009-12-20 13:59 . 2008-04-14 03:04 327040 ----a-w- c:\windows\system32\drivers\ati2mtaa.sys
2009-12-20 06:56 . 2001-08-18 03:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2009-12-20 06:56 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2009-12-20 06:56 . 2001-08-18 03:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2009-12-20 06:56 . 2001-08-18 03:36 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2009-12-20 06:56 . 2001-08-18 03:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-12-20 06:56 . 2001-08-18 03:36 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-12-20 06:56 . 2001-08-18 03:36 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2009-12-20 06:56 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-12-20 06:55 . 2004-08-04 12:00 73728 ----a-w- c:\windows\system32\dllcache\w3ext.dll
2009-12-20 06:55 . 2008-04-14 10:42 456192 ----a-w- c:\windows\system32\dllcache\smtpsvc.dll
2009-12-20 06:55 . 2008-04-14 10:42 103424 ----a-w- c:\windows\system32\dllcache\uihelper.dll
2009-12-18 18:11 . 2009-12-18 18:11 -------- d-----w- c:\program files\Aladdin
2009-12-14 06:42 . 2009-12-15 03:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-14 05:12 . 2009-12-14 05:12 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-12-13 21:20 . 2009-12-28 20:28 247920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-13 20:22 . 2009-12-13 20:22 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\Local Settings\Application Data\Hyland Software, Inc
2009-12-13 20:03 . 2009-12-13 20:07 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\SecurityScans
2009-12-13 19:58 . 2009-12-13 19:58 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2009-12-11 04:16 . 2009-12-11 04:16 -------- d-----w- c:\windows\system32\ACLSet
2009-12-11 02:18 . 2009-12-11 02:18 -------- d-----w- c:\program files\Java
2009-12-10 20:00 . 2008-04-14 10:42 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-10 20:00 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-10 20:00 . 2008-04-14 10:42 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-10 20:00 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-10 20:00 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-10 19:59 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-10 19:59 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-10 19:59 . 2008-04-14 03:04 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-10 19:59 . 2008-04-14 03:04 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-10 19:59 . 2008-04-14 05:06 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-12-10 19:59 . 2008-04-14 03:05 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-12-10 19:59 . 2001-08-17 17:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-12-10 19:59 . 2001-08-17 18:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2009-12-10 19:59 . 2001-08-18 03:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-12-10 19:59 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-12-10 19:59 . 2004-08-04 12:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-12-10 19:59 . 2004-08-04 12:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-12-10 19:57 . 2001-08-17 18:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2009-12-10 19:56 . 2001-08-18 03:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2009-12-10 19:55 . 2001-08-17 17:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2009-12-10 19:54 . 2001-08-17 18:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2009-12-10 19:53 . 2001-08-18 03:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2009-12-10 19:52 . 2001-08-17 17:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2009-12-10 19:51 . 2001-08-17 17:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2009-12-10 19:50 . 2001-08-17 18:51 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2009-12-10 19:49 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\dllcache\rwia330.dll
2009-12-10 19:48 . 2008-04-14 05:10 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2009-12-10 19:47 . 2001-08-18 03:36 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2009-12-10 19:46 . 2001-08-18 03:36 116736 ----a-w- c:\windows\system32\dllcache\ovcodec2.dll
2009-12-10 19:45 . 2001-08-17 18:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-12-10 19:44 . 2001-08-17 17:11 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2009-12-10 19:43 . 2008-04-14 05:16 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-10 19:42 . 2008-04-14 04:53 606684 ----a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2009-12-10 19:41 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-12-10 19:40 . 2001-08-17 19:06 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2009-12-10 19:39 . 2001-08-18 03:36 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2009-12-10 19:38 . 2001-08-17 19:02 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
2009-12-10 19:37 . 2001-08-17 17:10 22090 ----a-w- c:\windows\system32\dllcache\fem556n5.sys
2009-12-10 19:36 . 2001-08-17 18:50 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2009-12-10 19:35 . 2001-08-17 17:14 952007 ----a-w- c:\windows\system32\dllcache\diwan.sys
2009-12-10 19:34 . 2001-08-17 18:50 49792 ----a-w- c:\windows\system32\dllcache\cyzport.sys
2009-12-10 19:33 . 2001-08-17 18:28 714698 ----a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2009-12-10 19:32 . 2008-04-14 05:16 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys
2009-12-10 19:31 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-04 18:03 . 2009-12-16 00:15 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\Local Settings\Application Data\Temp
2009-12-04 17:37 . 2009-12-27 00:40 -------- d-----w- c:\program files\Trend Micro
2009-12-04 05:36 . 2009-12-04 05:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zeon
2009-12-04 05:08 . 2009-12-04 05:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-12-04 05:07 . 2009-12-04 05:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2009-12-04 05:06 . 2009-12-04 05:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-04 05:02 . 2009-12-04 05:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-04 05:02 . 2009-12-04 05:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Scansoft
2009-12-04 05:02 . 2009-12-14 00:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
2009-12-04 05:02 . 2009-12-04 05:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-12-03 21:14 . 2009-12-03 21:14 -------- d-----w- C:\swshare
2009-12-03 16:48 . 2009-12-03 16:48 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\Local Settings\Application Data\Mozilla
2009-12-03 16:42 . 2009-12-04 05:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Cisco
2009-12-03 16:40 . 2009-12-03 16:40 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-02 02:24 . 2009-12-02 02:24 0 ----a-w- c:\windows\nsreg.dat
2009-12-02 02:24 . 2009-12-02 02:24 -------- d-----w- c:\documents and settings\rxxxxxxxxon\Local Settings\Application Data\Mozilla
2009-12-02 02:10 . 2009-12-02 02:10 -------- d-----w- c:\program files\Cisco
2009-12-02 02:10 . 2009-12-02 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 14:23 . 2008-04-13 23:50 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\VMware
2009-12-31 14:18 . 2008-04-13 23:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2009-12-31 14:18 . 2008-04-13 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-12-31 14:18 . 2009-09-01 02:31 -------- d-----w- c:\program files\Reform_Enterprise_v12
2009-12-30 19:26 . 2008-04-13 21:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-12-28 21:46 . 2005-09-19 18:08 132592 ----a-w- c:\documents and settings\rxxxxxxxxon.domain\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-28 18:57 . 2008-10-24 13:40 -------- d-----w- c:\documents and settings\rxxxxxxxxon\Application Data\VMware
2009-12-28 18:45 . 2008-10-24 13:41 132592 ----a-w- c:\documents and settings\rxxxxxxxxon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-28 15:18 . 2008-02-13 19:55 132592 ----a-w- c:\documents and settings\LCGRDMS\ASPNET\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 23:23 . 2005-10-11 11:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-27 20:22 . 2005-09-07 20:30 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-26 04:35 . 2008-02-12 20:15 132592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 20:58 . 2005-09-08 19:09 -------- d-----w- c:\program files\Hyland
2009-12-21 19:40 . 2009-12-01 21:42 61440 ----a-r- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Microsoft\Installer\{FCDAD585-9A94-4C48-8FE8-8A1100011164}\VM_9SecondFoods.vmx1_FCDAD5859A944C488FE88A1100011164.exe
2009-12-21 19:40 . 2009-12-01 21:42 61440 ----a-r- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Microsoft\Installer\{FCDAD585-9A94-4C48-8FE8-8A1100011164}\VM_9SecondFoods.vmx_FCDAD5859A944C488FE88A1100011164.exe
2009-12-21 19:40 . 2009-12-01 21:42 61440 ----a-r- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Microsoft\Installer\{FCDAD585-9A94-4C48-8FE8-8A1100011164}\ARPPRODUCTICON.exe
2009-12-21 19:40 . 2009-12-01 21:42 25214 ----a-r- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Microsoft\Installer\{FCDAD585-9A94-4C48-8FE8-8A1100011164}\toggle.bat1_FCDAD5859A944C488FE88A1100011164.exe
2009-12-20 23:05 . 2008-02-01 21:18 2912256 ----a-w- c:\windows\system32\dmmailsvc.dll
2009-12-20 14:13 . 2004-08-09 17:54 86759 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 01:29 . 2005-09-20 12:01 -------- d-----w- c:\program files\Canon
2009-12-20 01:23 . 2006-04-16 16:47 -------- d-----w- c:\program files\Sonic
2009-12-20 01:16 . 2007-11-01 14:31 -------- d-----w- c:\program files\Quick Screen Capture
2009-12-20 01:16 . 2009-05-15 18:12 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\ScanSoft
2009-12-20 01:16 . 2009-05-15 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-12-20 01:12 . 2009-10-21 20:21 -------- d-----w- c:\program files\ScanSoft
2009-12-19 21:48 . 2009-01-07 01:42 -------- d-----w- c:\program files\Panda Security
2009-12-17 19:22 . 2009-11-30 22:05 28856 ----a-w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\CSDWebLaunch.exe
2009-12-14 01:46 . 2005-09-05 04:45 -------- d-----w- c:\program files\Google
2009-12-11 04:46 . 2009-12-02 02:55 28856 ----a-w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Cisco\Cisco AnyConnect VPN Client\Cache\inst.exe
2009-12-11 02:31 . 2009-12-11 02:18 152576 ----a-w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-11 02:30 . 2009-12-11 02:16 79488 ----a-w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-11 02:18 . 2008-11-04 01:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-04 13:18 . 2009-12-04 05:26 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-04 06:04 . 2009-03-31 01:04 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-04 05:42 . 2009-01-08 16:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 05:42 . 2009-02-06 19:04 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-04 05:37 . 2009-12-04 05:04 28856 ----a-w- c:\documents and settings\Administrator\Application Data\Cisco\Cisco AnyConnect VPN Client\Cache\inst.exe
2009-12-04 05:33 . 2009-12-03 16:42 28856 ----a-w- c:\documents and settings\Administrator\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\CSDWebLaunch.exe
2009-12-04 05:24 . 2009-12-04 05:24 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-03 21:14 . 2009-01-08 16:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-01-08 16:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 02:55 . 2009-11-19 19:17 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Cisco
2009-12-02 02:31 . 2009-12-02 01:47 28856 ----a-w- c:\documents and settings\rxxxxxxxxon\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\CSDWebLaunch.exe
2009-12-02 02:17 . 2009-12-02 02:14 28856 ----a-w- c:\documents and settings\rxxxxxxxxon\Application Data\Cisco\Cisco AnyConnect VPN Client\Cache\inst.exe
2009-11-30 15:35 . 2009-11-30 15:31 28856 ----a-w- c:\documents and settings\administrator.domain\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\CSDWebLaunch.exe
2009-11-30 15:24 . 2009-11-30 15:24 -------- d-----w- c:\documents and settings\administrator.domain\Application Data\Cisco
2009-11-30 15:18 . 2009-11-30 15:18 133056 ----a-w- c:\documents and settings\administrator.domain\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 15:18 . 2009-11-30 15:18 -------- d-----w- c:\documents and settings\administrator.domain\Application Data\Malwarebytes
2009-11-30 15:17 . 2009-11-30 15:17 -------- d-----w- c:\documents and settings\administrator.domain\Application Data\ATI
2009-11-30 15:17 . 2009-11-30 15:17 -------- d-----w- c:\documents and settings\administrator.domain\Application Data\VMware
2009-11-30 15:17 . 2009-11-30 15:17 -------- d-----w- c:\documents and settings\administrator.domain\Application Data\ThinkVantage
2009-11-30 15:17 . 2009-11-30 15:17 -------- d-----w- c:\documents and settings\administrator.domain\Application Data\InstallShield
2009-11-24 14:15 . 2005-12-12 21:42 -------- d-----w- c:\program files\Ascent Pricing Configurator
2009-11-21 15:51 . 1980-01-01 07:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 19:02 . 2009-11-20 19:02 -------- d-----w- c:\documents and settings\rxxxxxxxxon\Application Data\Malwarebytes
2009-11-20 16:44 . 2009-11-20 16:44 -------- d-----w- c:\documents and settings\rxxxxxxxxon\Application Data\Zeon
2009-11-18 13:08 . 2009-11-23 21:17 554480 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT\appupdater32.exe
2009-11-18 13:08 . 2009-11-23 21:17 553968 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT\appupdater64.exe
2009-11-17 19:08 . 2006-12-21 16:07 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\webex
2009-11-12 13:28 . 2009-11-23 21:18 13888 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT\LTTCheck.exe
2009-11-06 00:13 . 2009-05-28 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-11-06 00:12 . 2009-05-28 04:43 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\ZoomBrowser EX
2009-11-04 21:19 . 2009-11-04 21:19 -------- d-----w- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Macrovision
2009-10-29 07:46 . 1980-01-01 07:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-11-30 15:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 1980-01-01 07:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 1980-01-01 07:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 1980-01-01 07:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 18:46 . 2009-10-20 18:46 61440 ----a-r- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Microsoft\Installer\{1D2AC54D-6DBA-4D3B-B186-F5845AE12051}\NewShortcut21_1D2AC54D6DBA4D3BB186F5845AE12051.exe
2009-10-20 18:46 . 2009-10-20 18:46 61440 ----a-r- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Microsoft\Installer\{1D2AC54D-6DBA-4D3B-B186-F5845AE12051}\NewShortcut2_1D2AC54D6DBA4D3BB186F5845AE12051.exe
2009-10-20 18:46 . 2009-10-20 18:46 61440 ----a-r- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Microsoft\Installer\{1D2AC54D-6DBA-4D3B-B186-F5845AE12051}\ARPPRODUCTICON.exe
2009-10-20 18:46 . 2009-10-20 18:46 25214 ----a-r- c:\documents and settings\rxxxxxxxxon.domain\Application Data\Microsoft\Installer\{1D2AC54D-6DBA-4D3B-B186-F5845AE12051}\NewShortcut1_1D2AC54D6DBA4D3BB186F5845AE12051.exe
2009-10-20 16:20 . 2009-03-11 16:37 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 1980-01-01 07:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 1980-01-01 07:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 19:57 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 19:57 . 1980-01-01 07:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 19:56 . 1980-01-01 07:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-05-04 14:38 . 2009-05-04 14:38 371894 ----a-w- c:\program files\F5.AppIcon.ico
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-22 344064]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 151552]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2007-09-28 118784]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2006-08-21 1997568]
"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-10 98304]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwMkup.exe" [2007-03-08 131072]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-10 1165680]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-10 149024]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-04 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-03-04 55856]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-05-08 702072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"configmsi"="rmdir" [X]
"supportdir"="rmdir" [X]
"rrgui"="c:\program files\IBM ThinkVantage\Rescue and Recovery\rrgui.exe" [2007-05-30 1384540]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-11-16 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 13:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 20:54 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 03:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 00:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Reform\\AutoUpd.exe"=
"c:\\Work area and demodata\\Tasman\\Bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\rxxxxxxxxon.domain\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3811:UDP"= 3811:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"3810:UDP"= 3810:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1201:UDP"= 1201:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1200:UDP"= 1200:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [12/21/2005 4:39 PM 6912]
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [6/19/2007 8:28 PM 18208]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 3:21 PM 19496]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [8/22/2005 4:17 AM 14848]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [1/11/2007 11:41 AM 16384]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [3/21/2008 2:50 PM 8576]
R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\Fjscan32\FJTWMKSV.exe [7/22/2008 12:11 PM 45056]
R2 Hyland.Core.PageHandlers.NTService;Hyland PageHandlers Service;c:\program files\Hyland\Services\PageHandlers\Hyland.Core.PageHandlers.NTService.exe [11/27/2008 5:12 AM 20480]
R2 InAspi32;InAspi32;c:\windows\system32\drivers\InAspi32.sys [11/7/2005 5:24 PM 8704]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe [6/22/2007 8:22 AM 95592]
R2 MSSQL$ASCENTCAPTURE;MSSQL$ASCENTCAPTURE;c:\program files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe [5/3/2005 11:04 PM 9150464]
R2 NTPDA;NTPDA;c:\windows\system32\drivers\ntpda.sys [4/16/2009 1:23 PM 3446]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [9/3/2009 8:02 PM 61529]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 1:11 PM 46142]
R2 Reform12_Spooler_Service;Reform12 Spooler Service;c:\program files\Reform_Enterprise_v12\ReformEnt.exe [5/26/2009 10:51 AM 6459904]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 4:45 PM 3968]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 1:47 PM 12560]
R2 ssCaptureManager;ssCaptureWorkflow;c:\getsmart\ssCaptureManager.exe [10/2/2009 4:11 PM 14848]
R2 ssContentIndex;ssContentSearch;c:\program files\Square9\Content Search\ssContentIndex.exe [3/19/2009 10:25 AM 15360]
R2 SSXMLTransform;SSXMLTransform;c:\program files\Square9\XML Transform\SSXMLConverter.exe [7/2/2008 4:04 PM 32768]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [9/1/2009 3:17 PM 225808]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/1/2009 3:17 PM 36368]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [9/1/2009 3:17 PM 575064]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [8/22/2005 4:17 AM 6528]
S2 SSImp Engine;SSImp Engine;c:\getsmart\SSIMPORTERWS.exe [9/11/2009 8:55 AM 32768]
S3 ASMPB;AutoStore Status Monitor Port Broker;c:\program files\NSI\AutoStore\ASMPB.exe [2/28/2008 3:25 PM 102400]
S3 ControlSpoolService;PrintFree Spooler Service;c:\program files\PrintFree\DLL\F5SSpool.exe [12/17/2008 9:39 AM 593920]
S3 E-mail Archive;E-mail Archive Service;c:\onbase\EMArchiver.exe [11/9/2007 4:08 PM 17158144]
S3 exe_dmwebsvcmgr;exe_dmwebsvcmgr;c:\program files\Hyland\Services\Web Server\dmwebsvcmgr.exe [11/27/2008 4:04 AM 1822720]
S3 Grn27fsm;PrintFree Directory Watch Service;c:\program files\PrintFree\DLL\F5SSubServices.exe [12/17/2008 9:43 AM 98816]
S3 Grn27LPD;PrintFree LPD Service;c:\program files\PrintFree\DLL\F5SSubServices.exe [12/17/2008 9:43 AM 98816]
S3 Hyland.Diagnostics.NTService;Hyland Diagnostics Service;c:\program files\Hyland\Services\Diagnostics\Hyland.Diagnostics.NTService.exe [11/27/2008 5:10 AM 24576]
S3 LicMan;LicMan;c:\program files\Common Files\ODT-OCE\LicMan\bin\LicMan.exe [11/9/2005 3:03 PM 798720]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [11/17/2006 5:17 PM 8320]
S3 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 5:17 AM 2805000]
S3 MXBULK;DualCam Still, MXBulk3.Sys;c:\windows\system32\drivers\MXBulk3.sys [1/13/2009 2:04 PM 50688]
S3 MXCap;DSC-06 Video Camera;c:\windows\system32\drivers\MXCap3.sys [1/13/2009 2:04 PM 63104]
S3 SQLAgent$ASCENTCAPTURE;SQLAgent$ASCENTCAPTURE;c:\program files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlagent.EXE [5/3/2005 8:42 PM 323584]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE [11/24/2008 9:31 PM 346976]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [4/21/2005 4:44 PM 14336]
S3 usbkey;USB Dongle;c:\windows\system32\drivers\USBkey.sys [12/12/2005 1:32 PM 28848]
S3 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: appliedimaging.com\mail
Trusted Zone: deanfoods.com\sslweb
Trusted Zone: lcgrdms
DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.com/xp/ScanFilexp.CAB
.
- - - - ORPHANS REMOVED - - - -

Notify-ACNotify - ACNotify.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 09:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQLEXPRESS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:SQLEXPRESS"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(5392)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\netdde.exe
c:\windows\system32\msdtc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ascent\bin\acsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\mqsvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\TEMP\FO321.EXE
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\system32\PRISMSVR.EXE
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\RunDll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
.
**************************************************************************
.
Completion time: 2009-12-31 09:32:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-31 14:32

Pre-Run: 35,125,641,216 bytes free
Post-Run: 35,169,394,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 8D718BC4B0158790C53C0951EAA17496


Edited by schrauber, 31 December 2009 - 11:58 AM.

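The service entries (the `R3 TPInput;TPInput;c:\...\TPInput.sys [date time size]` shape) and the bare paths under "Other Running Processes" in the ComboFix log above are tool output, and a responder usually wants to pull a log that long into a script rather than read it line by line. The following is an added example of my own, not code from ComboFix or from anyone in this thread: it parses the two line shapes the log uses and flags service images and running processes whose path sits in a user-writable directory such as `\TEMP\`. The first five sample lines are copied from the log above; the last service line is constructed for the example, and the set of "writable" directory markers is my own choice. Treat the output as a triage list, not a verdict: installers and updaters legitimately run helpers out of TEMP too, so each hit still needs the file checked by hash, signature and vendor.

```python
import re

# Each ComboFix service/driver entry looks like
#   <state><start> <name>;<display name>;<image path> [<date> <time> <size>]
# where the letter is R (running) or S (stopped) and the digit is the Windows
# start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)

# Lines in "Other Running Processes" are bare absolute Windows paths.
PROCESS_RE = re.compile(r"^[a-z]:\\.+\.(?:exe|sys|dll|com|scr)$", re.IGNORECASE)

# Directory components that any local user (or a dropper running as one) can
# write to. This list is an assumption for the example; extend it to taste.
WRITABLE_DIR_MARKERS = ("\\temp\\", "\\tmp\\", "\\recycler\\")


def parse_service(line):
    """Return the fields of a ComboFix service line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    stamp = fields.pop("stamp").split()
    # The bracketed stamp ends with the file size; everything before it is the
    # file timestamp exactly as ComboFix printed it.
    fields["size"] = int(stamp[-1]) if stamp and stamp[-1].isdigit() else None
    fields["timestamp"] = " ".join(stamp[:-1])
    return fields


def in_writable_dir(path):
    """True if any marker directory appears in the (case-folded) path."""
    p = path.lower()
    return any(marker in p for marker in WRITABLE_DIR_MARKERS)


def triage(lines):
    """Walk log lines and collect service images and processes that live in
    user-writable directories. Returns a list of findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc is not None:
            if in_writable_dir(svc["path"]):
                findings.append({
                    "kind": "service",
                    "name": svc["name"],
                    "path": svc["path"],
                    "size": svc["size"],
                    "reason": "service image in user-writable directory",
                })
            continue
        if PROCESS_RE.match(line) and in_writable_dir(line):
            findings.append({
                "kind": "process",
                "name": line.rsplit("\\", 1)[-1],
                "path": line,
                "size": None,
                "reason": "process running from user-writable directory",
            })
    return findings


# Sample input: the first five lines are copied from the ComboFix log in this
# thread; the final service line is constructed for the example.
SAMPLE_LOG = r"""
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [8/22/2005 4:17 AM 6528]
S2 SSImp Engine;SSImp Engine;c:\getsmart\SSIMPORTERWS.exe [9/11/2009 8:55 AM 32768]
S3 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 3:39 PM 427192]
c:\windows\system32\ibmpmsvc.exe
c:\windows\TEMP\FO321.EXE
S2 ExampleUpd;Example Updater;c:\documents and settings\user\local settings\temp\upd.exe [12/1/2009 9:00 AM 40960]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['kind']:8} {f['name']:12} {f['reason']}: {f['path']}")
```

Run it against a saved ComboFix log with `triage(open("ComboFix.txt").read().splitlines())`; the parser ignores every line that is not a service entry or a bare path, so the whole file can be fed in unfiltered. Keeping the size and timestamp from the service stamp is deliberate: a service binary whose timestamp is days old on a machine that has been in service for years is often the first thing a responder wants to see.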

#12 schrauber
    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 31 December 2009 - 12:00 PM

Hi,

Please don't attach the logfiles, just post them here in your thread :(

ComboFix 09-12-30.04 - rxxxxxxxxon 12/31/2009 9:09.1.1 - x86


Did you edit your username?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 CopierGuy
  • Topic Starter
  • Members
  • 16 posts

Posted 31 December 2009 - 12:07 PM

Yes, I want to keep that confidential. I can edit any scripting if you need me to or I can PM you. Is that cool?

#14 schrauber
    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 31 December 2009 - 12:23 PM

No problem, just wanna know it :(

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile, also please post back with a fresh RSIT logfile.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber


#15 CopierGuy
  • Topic Starter
  • Members
  • 16 posts

Posted 31 December 2009 - 01:10 PM

Mbam scan came out clean. Here is the rsit log. I will start the ESET scan now.

Attached Files

  • Attached File  log.txt   72.56KB   0 downloads




